SFTP Port Alternatives for Remote Access

Remote access that depends on SFTP over port 22 often runs into blocked ports, inspection gaps, and usability issues. If you want seamless, secure access that passes firewalls and supports collaboration, shift to HTTPS 443 using WebDAV (RFC 4918) and, where native SMB is required, SMB over QUIC on UDP 443—then deliver it to users through MyWorkDrive with AD/Entra ID, MFA, and DLP.

SFTP explained without myths

Two different protocols share the “SFTP” acronym. The historic Simple File Transfer Protocol is documented in RFC 913. What most teams use today is SSH File Transfer Protocol, an SSH2 subsystem defined in the IETF’s secsh filexfer draft, running on TCP 22.
Do not confuse either one with FTPS (FTP with TLS). The standardized approach is RFC 4217 for explicit FTPS on port 21; the old implicit style on 990/989 is historical and not recommended.

Why organizations look for SFTP port alternatives

• Firewall and NAT friction: Security teams commonly restrict 22, while traffic over 443 aligns with web policies and WAF inspection.

• Limited collaboration: SFTP focuses on transfers, not mapped drives, file locking, co-authoring, or browser productivity.

• Identity and governance gaps: SSH keys sit outside AD/Entra ID conditional access, device controls, and DLP.

• Support overhead: Users must learn SFTP clients instead of familiar mapped drives or a web file manager.

The top alternatives that keep you on port 443

1) HTTPS/WebDAV for universal reach

WebDAV extends HTTP so users and apps can create, move, and lock files over TLS 443 using the methods defined in RFC 4918. Because WebDAV rides standard HTTPS, it passes through WAFs and proxies your team already trusts. In practice, pairing WebDAV with MyWorkDrive’s web file manager and mapped drive client gives users a familiar experience without VPNs or SSH keys.

2) SMB over QUIC for native Windows workflows

Microsoft encapsulates SMB inside TLS 1.3 over QUIC on UDP 443 so you avoid exposing TCP 445 to the internet. The platform details are documented in SMB over QUIC. Use this when Windows-to-Windows semantics and file locking matter, then expose broader, cross-platform access via HTTPS/WebDAV.

SFTP vs. HTTPS/WebDAV vs. SMB over QUIC

Protocol	Default Port	Firewall/NAT	Identity & SSO	Best Use
SFTP (SSH)	22/TCP	Often blocked; SSH tunnel only	SSH keys; outside AD/Entra ID	Point-to-point transfers
HTTPS/WebDAV	443/TCP	WAF-friendly; single connection	Works with web SSO and conditional access	Browser access and mapped drives
SMB over QUIC	443/UDP	Internet-safe; no TCP/445 exposure	Windows auth with modern TLS	Native SMB with file locking

Why port 443 becomes the default

A single encrypted connection over TLS 443 simplifies inspection, logging, and policy. You can align remote file access with existing web controls, then layer modern authentication and data protections in front of your shares.

• Enforce MFA and device posture using Entra ID and conditional access in front of your file access.

• Apply download controls and content restrictions using MyWorkDrive DLP within the web and mapped drive clients.

• Keep files where they are and keep NTFS permissions authoritative using the MyWorkDrive server setup.

How MyWorkDrive replaces SFTP for users

Instead of giving out SSH keys and client installers, publish your existing shares over HTTPS 443 with:

• A browser experience that respects NTFS ACLs in the web file manager.

• A familiar drive letter using the mapped drive client for Windows and macOS.

• Quick distribution via the download center.

• VPN-free drive access explained in our guide to a mapped network drive without a VPN.

Security controls stay centralized. You keep AD/Entra ID, MFA, DLP, device approval, and auditing on the same stack that protects your other web apps—all while avoiding SSH on port 22.

Deployment patterns that work

• All-HTTPS: Serve all users through MyWorkDrive over 443 with WebDAV and the browser client for the broadest compatibility. Start with the server setup guide and roll out the desktop clients.

• Hybrid: Use SMB over QUIC for Windows-native workflows and MyWorkDrive over HTTPS for partners, BYOD, and browsers.

Implementation checklist

• Standardize on TLS 1.2+ and harmonize cipher policy at the edge.

• Limit inbound exposure to 443 and terminate TLS where your WAF and SIEM can see it.

• Enforce MFA and conditional access using your VPN alternative controls.

• Apply DLP and device approval in the MyWorkDrive clients.

• Test disaster scenarios with users connecting only through the web and mapped drive, using your existing NTFS permissions.

{ "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "What are the best SFTP port alternatives for remote access?", "acceptedAnswer": { "@type": "Answer", "text": "Use HTTPS/WebDAV over TCP 443 or SMB over QUIC over UDP 443. Both pass firewalls more easily than SFTP on 22 and integrate with modern identity and security controls." } }, { "@type": "Question", "name": "Why move away from SFTP port 22?", "acceptedAnswer": { "@type": "Answer", "text": "Port 22 is frequently restricted, SFTP is transfer-centric, and SSH keys complicate enterprise SSO. HTTPS 443 and SMB over QUIC deliver better firewall traversal and collaboration." } }, { "@type": "Question", "name": "How does MyWorkDrive replace SFTP for users?", "acceptedAnswer": { "@type": "Answer", "text": "MyWorkDrive publishes existing SMB shares over HTTPS 443 with a web file manager, mapped drive, and mobile apps, enforcing NTFS permissions and AD/Entra ID." } }, { "@type": "Question", "name": "Can I keep SFTP for partners while using 443 for employees?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. Limit SFTP to partner edge workflows and use HTTPS 443 via MyWorkDrive for daily employee access to minimize risk and reduce support costs." } } ] }

Next Steps

Stand up a pilot with the server setup guide, roll out clients from the download center, and align your security posture using our VPN alternative controls.